From 3ec4d7e422afd916c8e9d6723d1b157e4e9471b7 Mon Sep 17 00:00:00 2001
From: Aaron Francis Fernandes <79958509+aaronfern@users.noreply.github.com>
Date: Fri, 22 Jul 2022 13:43:01 +0530
Subject: [PATCH] Added pod permissions in etcd-role (#372) (#379)

* Added pod permissions in etcd-role

* Updated unit tests

* Removed unneeded pod permissions
---
 charts/etcd/templates/etcd-role.yaml |  8 ++++++++
 controllers/etcd_controller_test.go  | 13 +++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/charts/etcd/templates/etcd-role.yaml b/charts/etcd/templates/etcd-role.yaml
index 27298cc2c..518ba6dac 100644
--- a/charts/etcd/templates/etcd-role.yaml
+++ b/charts/etcd/templates/etcd-role.yaml
@@ -36,4 +36,12 @@ rules:
   - list
   - patch
   - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
   - watch
\ No newline at end of file
diff --git a/controllers/etcd_controller_test.go b/controllers/etcd_controller_test.go
index a16b75e32..f8a1372e3 100644
--- a/controllers/etcd_controller_test.go
+++ b/controllers/etcd_controller_test.go
@@ -953,6 +953,19 @@ func validateRole(instance *druidv1alpha1.Etcd, role *rbac.Role) {
 					"watch":  Equal("watch"),
 				}),
 			}),
+			"": MatchFields(IgnoreExtras, Fields{
+				"APIGroups": MatchAllElements(stringArrayIterator, Elements{
+					"": Equal(""),
+				}),
+				"Resources": MatchAllElements(stringArrayIterator, Elements{
+					"pods": Equal("pods"),
+				}),
+				"Verbs": MatchAllElements(stringArrayIterator, Elements{
+					"list":  Equal("list"),
+					"get":   Equal("get"),
+					"watch": Equal("watch"),
+				}),
+			}),
 		}),
 	}))
 }